PT-2009-2380 · Brewblogger · Brewblogger

Cwh Underground

Published

2009-08-06

Updated

2017-09-29

CVE-2008-6911

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: BrewBlogger version 2.1.0.1

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through the loginUsername parameter to the "includes/logincheck.inc.php" endpoint, specifically when the magic quotes gpc setting is disabled. The vulnerability is related to the authenticateUser function in "includes/authentication.inc.php".

Recommendations: For BrewBlogger version 2.1.0.1, consider disabling the authenticateUser function until a patch is available, or restrict access to the "includes/logincheck.inc.php" endpoint to minimize the risk of exploitation. Avoid using the loginUsername parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-6911

Affected Products

Brewblogger

PT-2009-2380 · Brewblogger · Brewblogger

CVE-2008-6911

Weakness Enumeration

Related Identifiers

Affected Products

References · 7